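Brief notes on CAS integration

Note: integrating single sign-on only completes the user authentication logic; to get the roles bound to a user and similar information, you still need to query the user-center API.

For the integration, refer to the official CAS client example on GitHub.

Spring Boot project example

1. In the Spring Boot project, add the following CAS dependency to the pom file (dependency version 3.6.2).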

<!-- CAS Client Config -->
<dependency>
    <groupId>org.jasig.cas.client</groupId>
    <artifactId>cas-client-support-springboot</artifactId>
    <version>${jasig-cas-client.version}</version>
</dependency>

2. In the application configuration file, configure the CAS SSO server address, the local service address, and the redirect address.

# CAS Config
cas.server-url-prefix=http://1031.811.15.177:8081
cas.server-login-url=http://1031.811.15.177:8081/login
cas.single-logout.enabled=true
cas.client-host-url=http://11031.811.15.177:7256
cas.authentication-url-patterns=/login/*
cas.validation-url-patterns=/login/*
cas.validation-type=CAS

3. Define a configuration class to enable the CAS interception filters.

import org.jasig.cas.client.boot.configuration.CasClientConfigurer;
import org.jasig.cas.client.boot.configuration.EnableCasClient;
import org.springframework.context.annotation.Configuration;
@Configuration
@EnableCasClient
public class CasClient implements CasClientConfigurer {
    
}

4. After a successful login, read the user information from the Session.

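import java.io.IOException;
import java.util.Map;
import java.util.Map.Entry;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import io.swagger.v3.oas.annotations.tags.Tag;
import lombok.extern.slf4j.Slf4j;
import org.jasig.cas.client.validation.Assertion;
import org.springframework.session.Session;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
// GlobalText is the project's own constants class; its import is not shown in the original.

@Tag(name = "单点登录业务")
@Controller
@RequestMapping("/login")
@Slf4j
public class LoginController<S extends Session> {
    @GetMapping("/cas")
    public void cas(
        HttpServletRequest request,
        HttpServletResponse response,
        String resultUrl
    ) throws IOException {
        HttpSession casSession = request.getSession();
        // Assumption: the original does not show where redirectLocation and connector come
        // from; here they are derived from resultUrl, with "/" as the default when it is absent.
        // resultUrl is caller-controlled, so validate it before using it as a redirect target.
        String redirectLocation = resultUrl == null ? "/" : resultUrl;
        String connector = redirectLocation.contains("?") ? "&" : "?";

        // The CAS filters store the validated Assertion in the session after login.
        Assertion assertion = (Assertion) casSession.getAttribute(GlobalText.CAS_ATTR_NAME);
        if (assertion == null) {
            // No validated assertion in this session: redirect back without a token.
            response.sendRedirect(redirectLocation);
            return;
        }
        try {
            Map<String, Object> attrs = assertion.getPrincipal().getAttributes();

            for (Entry<String, Object> attr : attrs.entrySet()) {
                log.debug("Attr {} : {}", attr.getKey(), attr.getValue());
            }
            Long userId = Long.valueOf(String.valueOf(attrs.get("userId")).strip());
            // Save the data locally
            // Finish local session handling, then redirect the browser to its pre-login location.
            // Assumption: the original's `session` variable is not shown; casSession is used here.
            // The session id travels in the query string, so it ends up in history, logs and Referer.
            response.sendRedirect(redirectLocation + connector + "token=" + casSession.getId());
        } catch (NumberFormatException exp) {
            // The userId attribute is missing or not numeric.
            log.info(exp.getMessage());
            response.sendRedirect(redirectLocation);
        }
    }
}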

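5. Logout. The current solution is to obtain the cookie and the CAS ticket, clear them one by one, and then clear the session information held in the cache. This only logs the user out of this subsystem and of the SSO server; if single logout is required, a further API call is needed to perform the logout.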

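import java.io.IOException;
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.session.FindByIndexNameSessionRepository;
import org.springframework.session.Session;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
// Redirect is the project's own bean; its import is not shown in the original.

@Tag(name = "退出")
@RestController
@RequestMapping("/logout")
public class LogoutController<S extends Session> {

    @Autowired
    private FindByIndexNameSessionRepository<S> sessionRepository;

    @Autowired
    private Redirect redirect;

    @Operation(summary = "退出")
    @GetMapping("/cas")
    public void logout(
        HttpServletRequest request,
        HttpServletResponse response,
        @RequestParam(name = "resultUrl", required = true) String resultUrl,
        @RequestParam(name = "token", required = true) String token
    ) throws IOException {

        // Remove every attribute of the current HTTP session, including the CAS assertion.
        Enumeration<String> em = request.getSession().getAttributeNames();
        while (em.hasMoreElements()) {
            request.getSession().removeAttribute(em.nextElement());
        }
        // Delete the cached session identified by the token handed out at login.
        sessionRepository.deleteById(token);

        // Send the browser to the SSO logout URL, followed by the caller-supplied resultUrl.
        response.sendRedirect(redirect.getLogoutUrl() + resultUrl);
    }
}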
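
Both the login and the logout controller above send the browser to a location built from the caller-supplied resultUrl, so that parameter should be checked before it reaches sendRedirect(). The following is an added example, not code from the original post: RedirectTargets, ALLOWED_HOSTS and FALLBACK are hypothetical names, the host name is a constructed sample value, and only java.net.URI from the JDK is used.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added example, not from the original post. RedirectTargets, ALLOWED_HOSTS and FALLBACK
// are hypothetical names; the host below is a constructed sample value.
public final class RedirectTargets {
    static final Set<String> ALLOWED_HOSTS = Set.of("portal.example.com");
    static final String FALLBACK = "/";

    /** Returns resultUrl if it is a same-site path or an allow-listed http(s) URL, else FALLBACK. */
    public static String safeTarget(String resultUrl) {
        // Backslashes and control characters are interpreted differently by browsers and parsers.
        if (resultUrl == null || resultUrl.isBlank()
                || resultUrl.chars().anyMatch(c -> c == '\\' || c < 0x20 || c == 0x7f)) {
            return FALLBACK;
        }
        URI uri;
        try {
            uri = new URI(resultUrl);
        } catch (URISyntaxException e) {
            return FALLBACK;
        }
        if (!uri.isAbsolute()) {
            // Relative target: only a rooted path. "//host/x" and "///host" are treated by
            // browsers as scheme-relative URLs and would leave the site.
            boolean rooted = resultUrl.startsWith("/") && !resultUrl.startsWith("//");
            return rooted ? resultUrl : FALLBACK;
        }
        String scheme = uri.getScheme().toLowerCase(Locale.ROOT);
        String host = uri.getHost();
        boolean http = scheme.equals("http") || scheme.equals("https");
        // A userinfo part ("https://portal.example.com@other.example/") hides the real host.
        if (!http || host == null || uri.getRawUserInfo() != null) {
            return FALLBACK;
        }
        return ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT)) ? resultUrl : FALLBACK;
    }

    public static void main(String[] args) {
        // Constructed inputs: the first two are returned unchanged, the rest fall back to "/".
        for (String in : List.of("/dashboard?tab=1", "https://portal.example.com/home",
                "//other.example/x", "https://portal.example.com@other.example/",
                "ftp://portal.example.com/x", "https://other.example/")) {
            System.out.println(in + " -> " + safeTarget(in));
        }
    }
}
```

In the controllers, the value returned by safeTarget(resultUrl) would take the place of the raw resultUrl wherever a redirect location is built.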

 

 

posted @ 来佛